From 958c1c29c201b6a23fd5e7eaedb1499f0d6f404a Mon Sep 17 00:00:00 2001
From: Brady Miller <brady.g.miller@gmail.com>
Date: Thu, 22 Mar 2018 08:05:32 -0700
Subject: [PATCH] security fixes (#1519)

---
 interface/billing/get_claim_file.php               | 16 +++--
 interface/billing/sl_eob_process.php               | 56 +++++++++--------
 interface/billing/sl_eob_search.php                | 51 +++++++---------
 .../de_identification_forms/find_code_popup.php    | 70 ++++++++++------------
 .../find_immunization_popup.php                    | 64 ++++++++++----------
 interface/fax/fax_dispatch.php                     |  9 ++-
 interface/forms/CAMOS/view.php                     | 36 +++++------
 interface/forms/reviewofs/view.php                 |  4 +-
 interface/main/finder/finder_navigation.php        | 15 ++++-
 interface/orders/types.php                         | 18 +++---
 interface/patient_file/letter.php                  | 58 +++++++++++++-----
 .../patient_file/transaction/add_transaction.php   |  4 +-
 library/custom_template/personalize.php            | 39 ++++--------
 library/sanitize.inc.php                           | 16 ++---
 14 files changed, 243 insertions(+), 213 deletions(-)

diff --git a/interface/billing/get_claim_file.php b/interface/billing/get_claim_file.php
index 4af5c0f3a..2b1a4b27f 100644
--- a/interface/billing/get_claim_file.php
+++ b/interface/billing/get_claim_file.php
@@ -1,8 +1,14 @@
 <?php
-// This program is free software; you can redistribute it and/or
-// modify it under the terms of the GNU General Public License
-// as published by the Free Software Foundation; either version 2
-// of the License, or (at your option) any later version.
+/**
+ * get_claim_file.php
+ *
+ * @package   OpenEMR
+ * @link      http://www.open-emr.org
+ * @author    Brady Miller <brady.g.miller@gmail.com>
+ * @copyright Copyright (c) 2018 Brady Miller <brady.g.miller@gmail.com>
+ * @license   https://github.com/openemr/openemr/blob/master/LICENSE GNU General Public License 3
+ */
+
 
 require_once(dirname(__FILE__) . "/../globals.php");
 require_once $GLOBALS['OE_SITE_DIR'] . "/config.php";
@@ -22,7 +28,7 @@ if (strtolower(substr($fname, (strlen($fname)-4))) == ".pdf") {
 $fname = $claim_file_dir . $fname;
 
 if (!file_exists($fname)) {
-    echo xl("The claim file: ") . $_GET['key'] . xl(" could not be accessed.");
+    echo xl("The claim file: ") . text($_GET['key']) . xl(" could not be accessed.");
 } else {
     $fp = fopen($fname, 'r');
 
diff --git a/interface/billing/sl_eob_process.php b/interface/billing/sl_eob_process.php
index cc134f875..c66669d23 100644
--- a/interface/billing/sl_eob_process.php
+++ b/interface/billing/sl_eob_process.php
@@ -1,15 +1,19 @@
 <?php
-    // Copyright (C) 2006-2010 Rod Roark <rod@sunsetsystems.com>
-    //
-    // This program is free software; you can redistribute it and/or
-    // modify it under the terms of the GNU General Public License
-    // as published by the Free Software Foundation; either version 2
-    // of the License, or (at your option) any later version.
-
-    // This processes X12 835 remittances and produces a report.
-
-    // Buffer all output so we can archive it to a file.
-    ob_start();
+/**
+ * This processes X12 835 remittances and produces a report.
+ *
+ * @package   OpenEMR
+ * @link      http://www.open-emr.org
+ * @author    Rod Roark <rod@sunsetsystems.com>
+ * @author    Brady Miller <brady.g.miller@gmail.com>
+ * @copyright Copyright (c) 2006-2010 Rod Roark <rod@sunsetsystems.com>
+ * @copyright Copyright (c) 2018 Brady Miller <brady.g.miller@gmail.com>
+ * @license   https://github.com/openemr/openemr/blob/master/LICENSE GNU General Public License 3
+ */
+
+
+// Buffer all output so we can archive it to a file.
+ob_start();
 
 require_once("../globals.php");
 require_once("$srcdir/invoice_summary.inc.php");
@@ -20,15 +24,15 @@ require_once("adjustment_reason_codes.php");
 require_once("remark_codes.php");
 require_once("$srcdir/billing.inc");
 
-    $debug = $_GET['debug'] ? 1 : 0; // set to 1 for debugging mode
-    $paydate = parse_date($_GET['paydate']);
-    $encount = 0;
+$debug = $_GET['debug'] ? 1 : 0; // set to 1 for debugging mode
+$paydate = parse_date($_GET['paydate']);
+$encount = 0;
 
-    $last_ptname = '';
-    $last_invnumber = '';
-    $last_code = '';
-    $invoice_total = 0.00;
-    $InsertionId;//last inserted ID of
+$last_ptname = '';
+$last_invnumber = '';
+$last_code = '';
+$invoice_total = 0.00;
+$InsertionId;//last inserted ID of
 
 ///////////////////////// Assorted Functions /////////////////////////
 
@@ -640,7 +644,7 @@ if (!$debug) {
     $fnreport = "$nameprefix$namesuffix.html";
     $fhreport = fopen($fnreport, 'w');
     if (!$fhreport) {
-        die(xl("Cannot create") . " '$fnreport'");
+        die(xl("Cannot create") . " '" . text($fnreport) . "'");
     }
 }
 
@@ -738,12 +742,12 @@ if ($alertmsg) {
 }
 ?>
 </script>
-<input type="hidden" name="paydate" value="<?php echo DateToYYYYMMDD($_REQUEST['paydate']);?>" />
-<input type="hidden" name="post_to_date" value="<?php echo DateToYYYYMMDD($_REQUEST['post_to_date']);?>" />
-<input type="hidden" name="deposit_date" value="<?php echo DateToYYYYMMDD($_REQUEST['deposit_date']);?>" />
-<input type="hidden" name="debug" value="<?php echo $_REQUEST['debug'];?>" />
-<input type="hidden" name="InsId" value="<?php echo $_REQUEST['InsId'];?>" />
-<input type="hidden" name="eraname" value="<?php echo $eraname?>" />
+<input type="hidden" name="paydate" value="<?php echo attr(DateToYYYYMMDD($_REQUEST['paydate'])); ?>" />
+<input type="hidden" name="post_to_date" value="<?php echo attr(DateToYYYYMMDD($_REQUEST['post_to_date'])); ?>" />
+<input type="hidden" name="deposit_date" value="<?php echo attr(DateToYYYYMMDD($_REQUEST['deposit_date'])); ?>" />
+<input type="hidden" name="debug" value="<?php echo attr($_REQUEST['debug']); ?>" />
+<input type="hidden" name="InsId" value="<?php echo attr($_REQUEST['InsId']); ?>" />
+<input type="hidden" name="eraname" value="<?php echo attr($eraname); ?>" />
 </form>
 </body>
 </html>
diff --git a/interface/billing/sl_eob_search.php b/interface/billing/sl_eob_search.php
index e485ff17e..46d3e3f4d 100644
--- a/interface/billing/sl_eob_search.php
+++ b/interface/billing/sl_eob_search.php
@@ -2,28 +2,21 @@
 /**
  * This the first of two pages to support posting of EOBs.
  * The second is sl_eob_invoice.php.
- * Windows compatibility and statement downloading:
- *      2009 Bill Cernansky and Tony McCormick [mi-squared.com]
  *
- * Copyright (C) 2005-2010 Rod Roark <rod@sunsetsystems.com>
- *
- * LICENSE: This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License
- * as published by the Free Software Foundation; either version 2
- * of the License, or (at your option) any later version.
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- * You should have received a copy of the GNU General Public License
- * along with this program. If not, see <http://opensource.org/licenses/gpl-license.php>;.
- *
- * @package OpenEMR
- * @author  Rod Roark <rod@sunsetsystems.com>
- * @author  Roberto Vasquez <robertogagliotta@gmail.com>
- * @author  Jerry Padgett <sjpadgett@gmail.com>
- * @link    http://www.open-emr.org
+ * @package   OpenEMR
+ * @link      http://www.open-emr.org
+ * @author    Rod Roark <rod@sunsetsystems.com>
+ * @author    Bill Cernansky
+ * @author    Tony McCormick
+ * @author    Roberto Vasquez <robertogagliotta@gmail.com>
+ * @author    Jerry Padgett <sjpadgett@gmail.com>
+ * @author    Brady Miller <brady.g.miller@gmail.com>
+ * @copyright Copyright (c) 2005-2010 Rod Roark <rod@sunsetsystems.com>
+ * @copyright Copyright (c) 2018 Brady Miller <brady.g.miller@gmail.com>
+ * @license   https://github.com/openemr/openemr/blob/master/LICENSE GNU General Public License 3
  */
+
+
 require_once("../globals.php");
 require_once("$srcdir/patient.inc");
 require_once("$srcdir/invoice_summary.inc.php");
@@ -642,14 +635,14 @@ if (($_POST['form_print'] || $_POST['form_download'] || $_POST['form_email'] ||
             <?php xl('Source:', 'e'); ?>
        </td>
        <td>
-         <input type='text' name='form_source' size='10' value='<?php echo $_POST['form_source']; ?>'
+         <input type='text' name='form_source' size='10' value='<?php echo attr($_POST['form_source']); ?>'
          title='<?php xl("A check number or claim number to identify the payment", "e"); ?>'>
        </td>
        <td>
             <?php xl('Pay Date:', 'e'); ?>
        </td>
        <td>
-         <input type='text' name='form_paydate' size='10' value='<?php echo $_POST['form_paydate']; ?>'
+         <input type='text' name='form_paydate' size='10' value='<?php echo attr($_POST['form_paydate']); ?>'
          onkeyup='datekeyup(this,mypcc)' onblur='dateblur(this,mypcc)'
          title='<?php xl("Date of payment yyyy-mm-dd", "e"); ?>'>
        </td>
@@ -658,7 +651,7 @@ if (($_POST['form_print'] || $_POST['form_download'] || $_POST['form_email'] ||
             <?php xl('Deposit Date:', 'e'); ?>
        </td>
        <td>
-         <input type='text' name='form_deposit_date' size='10' value='<?php echo $_POST['form_deposit_date']; ?>'
+         <input type='text' name='form_deposit_date' size='10' value='<?php echo attr($_POST['form_deposit_date']); ?>'
          onkeyup='datekeyup(this,mypcc)' onblur='dateblur(this,mypcc)'
          title='<?php xl("Date of bank deposit yyyy-mm-dd", "e"); ?>'>
        </td>
@@ -667,7 +660,7 @@ if (($_POST['form_print'] || $_POST['form_download'] || $_POST['form_email'] ||
             <?php xl('Amount:', 'e'); ?>
        </td>
        <td>
-         <input type='text' name='form_amount' size='10' value='<?php echo $_POST['form_amount']; ?>'
+         <input type='text' name='form_amount' size='10' value='<?php echo attr($_POST['form_amount']); ?>'
          title='<?php xl("Paid amount that you will allocate", "e"); ?>'>
        </td>
        <td align='right'>
@@ -684,35 +677,35 @@ if (($_POST['form_print'] || $_POST['form_download'] || $_POST['form_email'] ||
         <?php xl('Name:', 'e'); ?>
      </td>
      <td>
-       <input type='text' name='form_name' size='10' value='<?php echo $_POST['form_name']; ?>'
+       <input type='text' name='form_name' size='10' value='<?php echo attr($_POST['form_name']); ?>'
        title='<?php xl("Any part of the patient name, or \"last,first\", or \"X-Y\"", "e"); ?>'>
      </td>
      <td>
         <?php xl('Chart ID:', 'e'); ?>
      </td>
      <td>
-       <input type='text' name='form_pid' size='10' value='<?php echo $_POST['form_pid']; ?>'
+       <input type='text' name='form_pid' size='10' value='<?php echo attr($_POST['form_pid']); ?>'
        title='<?php xl("Patient chart ID", "e"); ?>'>
      </td>
      <td>
         <?php xl('Encounter:', 'e'); ?>
      </td>
      <td>
-       <input type='text' name='form_encounter' size='10' value='<?php echo $_POST['form_encounter']; ?>'
+       <input type='text' name='form_encounter' size='10' value='<?php echo attr($_POST['form_encounter']); ?>'
        title='<?php xl("Encounter number", "e"); ?>'>
      </td>
      <td>
         <?php xl('Svc Date:', 'e'); ?>
      </td>
      <td>
-       <input type='text' name='form_date' size='10' value='<?php echo $_POST['form_date']; ?>'
+       <input type='text' name='form_date' size='10' value='<?php echo attr($_POST['form_date']); ?>'
        title='<?php xl("Date of service mm/dd/yyyy", "e"); ?>'>
      </td>
      <td>
         <?php xl('To:', 'e'); ?>
      </td>
      <td>
-       <input type='text' name='form_to_date' size='10' value='<?php echo $_POST['form_to_date']; ?>'
+       <input type='text' name='form_to_date' size='10' value='<?php echo attr($_POST['form_to_date']); ?>'
        title='<?php xl("Ending DOS mm/dd/yyyy if you wish to enter a range", "e"); ?>'>
      </td>
      <td>
diff --git a/interface/de_identification_forms/find_code_popup.php b/interface/de_identification_forms/find_code_popup.php
index 3088b8e11..16c400867 100644
--- a/interface/de_identification_forms/find_code_popup.php
+++ b/interface/de_identification_forms/find_code_popup.php
@@ -1,21 +1,17 @@
 <?php
-/********************************************************************************\
- * Copyright (C) ViCarePlus, Visolve (vicareplus_engg@visolve.com)              *
- *                                                                              *
- * This program is free software; you can redistribute it and/or                *
- * modify it under the terms of the GNU General Public License                  *
- * as published by the Free Software Foundation; either version 2               *
- * of the License, or (at your option) any later version.                       *
- *                                                                              *
- * This program is distributed in the hope that it will be useful,              *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of               *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the                *
- * GNU General Public License for more details.                                 *
- *                                                                              *
- * You should have received a copy of the GNU General Public License            *
- * along with this program; if not, write to the Free Software                  *
- * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.  *
- \********************************************************************************/
+/**
+ * find_code_popup.php
+ *
+ * @package   OpenEMR
+ * @link      http://www.open-emr.org
+ * @author    Visolve <vicareplus_engg@visolve.com>
+ * @author    Brady Miller <brady.g.miller@gmail.com>
+ * @copyright Copyright (c) ViCarePlus, Visolve <vicareplus_engg@visolve.com>
+ * @copyright Copyright (c) 2018 Brady Miller <brady.g.miller@gmail.com>
+ * @license   https://github.com/openemr/openemr/blob/master/LICENSE GNU General Public License 3
+ */
+
+
 require_once("../globals.php");
 require_once("$srcdir/patient.inc");
 require_once("../../custom/code_types.inc.php");
@@ -37,14 +33,14 @@ td { font-size:10pt; }
 <script language="JavaScript">
 //pass value selected to the parent window
  function window_submit(chk)
- { 
+ {
   var str;
   var len=chk.length;
-  if (len==undefined && chk.checked==1) 
+  if (len==undefined && chk.checked==1)
   {
     if(!str)
       str = chk.value;
-    else  
+    else
     str = "#"+chk.value;
   }
   else
@@ -55,7 +51,7 @@ td { font-size:10pt; }
     {
      if(!str)
       str = chk[pr].value;
-     else 
+     else
       str = str+"#"+chk[pr].value;
     }
    }
@@ -66,16 +62,16 @@ td { font-size:10pt; }
    alert("<?php echo xl('The destination form was closed');?>");
   else
    opener.set_related(str,"diagnosis");
-   
+
   window.close();
-  
+
  }
- 
+
 function window_close(chk)
 {
  window.close();
 }
- 
+
 function chkbox_select_none(chk)
 {
  var len=chk.length;
@@ -111,7 +107,7 @@ function check_search_str()
   return false;
  }
  top.restoreSession();
- return true; 
+ return true;
 }
 
 </script>
@@ -130,7 +126,7 @@ function check_search_str()
    <b>
 <?php
 if ($codetype) {
-    echo "<input type='text' name='form_code_type' value='$codetype' size='5' readonly>\n";
+    echo "<input type='text' name='form_code_type' value='" . attr($codetype) . "' size='5' readonly>\n";
 } else {
     echo "   <select name='form_code_type'";
     echo ">\n";
@@ -153,10 +149,10 @@ if ($codetype) {
 }
 ?>
     <?php xl('Search for', 'e'); ?>
-   <input type='text' name='search_term' id='search_term' size='12' value='<?php echo $_REQUEST['search_term']; ?>'
+   <input type='text' name='search_term' id='search_term' size='12' value='<?php echo attr($_REQUEST['search_term']); ?>'
     title='<?php xl('Any part of the desired code or its description', 'e'); ?>' />
-   &nbsp;  
-   <input type='submit' name='bn_search' id='bn_search' value='<?php xl('Search', 'e'); ?>' />   
+   &nbsp;
+   <input type='submit' name='bn_search' id='bn_search' value='<?php xl('Search', 'e'); ?>' />
    </b>
   </td>
  </tr>
@@ -187,7 +183,7 @@ if ($codetype) {
             $drug_id = addslashes($row['drug_id']);
             $selector = addslashes($row['selector']);
             $desc = addslashes($row['name']);
-            ?>    
+            ?>
              <input type="checkbox" name="diagnosis[row_count]" value= "<?php echo $desc; ?>" > <?php echo $drug_id."    ".$selector."     ".$desc."</br>";
         }
     } else {
@@ -205,7 +201,7 @@ if ($codetype) {
             echo xl('Please enter new search string');?>");
           document.theform.search_term.value=" ";
              document.theform.search_term.focus();
-             </script>    
+             </script>
                 <?php
             }
 
@@ -232,14 +228,14 @@ if ($codetype) {
 <center>
 </br>
  <input type='button' id='select_all' value='<?php xl('Select All', 'e'); ?>' onclick="chkbox_select_all(document.select_diagonsis.chkbox);"/>
- 
+
  <input type='button' id='unselect_all' value='<?php xl('Unselect All', 'e'); ?>' onclick="chkbox_select_none(document.select_diagonsis.chkbox);"/>
- 
+
  <input type='button' id='submit' value='<?php xl('Submit', 'e'); ?>' onclick="window_submit(document.select_diagonsis.chkbox);"/>
- 
+
  <input type='button' id='cancel' value='<?php xl('Cancel', 'e'); ?>' onclick="window_close();"/>
- 
-</center> 
+
+</center>
 <?php } ?>
 </form>
 </body>
diff --git a/interface/de_identification_forms/find_immunization_popup.php b/interface/de_identification_forms/find_immunization_popup.php
index 4ac1887e4..f03e17614 100644
--- a/interface/de_identification_forms/find_immunization_popup.php
+++ b/interface/de_identification_forms/find_immunization_popup.php
@@ -1,21 +1,17 @@
 <?php
-/********************************************************************************\
- * Copyright (C) ViCarePlus, Visolve (vicareplus_engg@visolve.com)              *
- *                                                                              *
- * This program is free software; you can redistribute it and/or                *
- * modify it under the terms of the GNU General Public License                  *
- * as published by the Free Software Foundation; either version 2               *
- * of the License, or (at your option) any later version.                       *
- *                                                                              *
- * This program is distributed in the hope that it will be useful,              *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of               *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the                *
- * GNU General Public License for more details.                                 *
- *                                                                              *
- * You should have received a copy of the GNU General Public License            *
- * along with this program; if not, write to the Free Software                  *
- * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.  *
- \********************************************************************************/
+/**
+ * find_immunization_popup.php
+ *
+ * @package   OpenEMR
+ * @link      http://www.open-emr.org
+ * @author    Visolve <vicareplus_engg@visolve.com>
+ * @author    Brady Miller <brady.g.miller@gmail.com>
+ * @copyright Copyright (c) ViCarePlus, Visolve <vicareplus_engg@visolve.com>
+ * @copyright Copyright (c) 2018 Brady Miller <brady.g.miller@gmail.com>
+ * @license   https://github.com/openemr/openemr/blob/master/LICENSE GNU General Public License 3
+ */
+
+
 require_once("../globals.php");
 require_once("$srcdir/patient.inc");
 require_once("../../custom/code_types.inc.php");
@@ -35,14 +31,14 @@ td { font-size:10pt; }
 <script language="JavaScript">
 //pass value selected to the parent window
  function window_submit(chk)
- { 
+ {
   var str;
   var len=chk.length;
-  if (len==undefined && chk.checked==1) 
+  if (len==undefined && chk.checked==1)
   {
     if(!str)
       str = chk.value;
-    else  
+    else
     str = "#"+chk.value;
   }
   else
@@ -53,7 +49,7 @@ td { font-size:10pt; }
     {
      if(!str)
       str = chk[pr].value;
-     else 
+     else
       str = str+"#"+chk[pr].value;
     }
    }
@@ -64,16 +60,16 @@ td { font-size:10pt; }
    alert("<?php echo xl('The destination form was closed');?>");
   else
    opener.set_related(str,"immunizations");
-   
+
   window.close();
-  
+
  }
- 
+
 function window_close(chk)
 {
  window.close();
 }
- 
+
 function chkbox_select_none(chk)
 {
  var len=chk.length;
@@ -110,7 +106,7 @@ function check_search_str()
  }
  top.restoreSession();
  return true;
-}   
+}
 </script>
 </head>
 <body class="body_top">
@@ -125,10 +121,10 @@ function check_search_str()
   <td>
    <b>
     <?php xl('Search for', 'e'); ?>
-   <input type='text' name='search_term' id='search_term' size='12' value='<?php echo $_REQUEST['search_term']; ?>'
+   <input type='text' name='search_term' id='search_term' size='12' value='<?php echo attr($_REQUEST['search_term']); ?>'
     title='<?php xl('Any part of the immunization id or immunization name', 'e'); ?>' />
    &nbsp;
-   <input type='submit' name='bn_search' value='<?php xl('Search', 'e'); ?>' />  
+   <input type='submit' name='bn_search' value='<?php xl('Search', 'e'); ?>' />
    </b>
   </td>
  </tr>
@@ -143,7 +139,7 @@ function check_search_str()
 <?php if ($_REQUEST['bn_search']) { ?>
 <table border='0'>
  <tr>
-  <td colspan="4">  
+  <td colspan="4">
 <?php
   $search_term = $_REQUEST['search_term'];
   {
@@ -160,7 +156,7 @@ if ($row = sqlFetchArray($res)) {
         echo xl('Please enter new search string');?>");
      document.theform.search_term.value=" ";
      document.theform.search_term.focus();
-     </script>    
+     </script>
         <?php
     }
 
@@ -185,13 +181,13 @@ if ($row = sqlFetchArray($res)) {
  </table>
 <center>
  <input type='button' name='select_all' value='<?php xl('Select All', 'e'); ?>' onclick="chkbox_select_all(document.select_immunization.chkbox);"/>
- 
+
  <input type='button' name='select_none' value='<?php xl('Unselect All', 'e'); ?>' onclick="chkbox_select_none(document.select_immunization.chkbox);"/>
- 
+
  <input type='button' name='submit' value='<?php xl('Submit', 'e'); ?>' onclick="window_submit(document.select_immunization.chkbox);"/>
- 
+
  <input type='button' name='cancel' value='<?php xl('Cancel', 'e'); ?>' onclick="window_close();"/>
- 
+
  </center>
 <?php } ?>
 </form>
diff --git a/interface/fax/fax_dispatch.php b/interface/fax/fax_dispatch.php
index 4d2c81727..a8c98d0a7 100644
--- a/interface/fax/fax_dispatch.php
+++ b/interface/fax/fax_dispatch.php
@@ -7,10 +7,11 @@
  * @author    Rod Roark <rod@sunsetsystems.com>
  * @author    Brady Miller <brady.g.miller@gmail.com>
  * @copyright Copyright (c) 2006-2010 Rod Roark <rod@sunsetsystems.com>
- * @copyright Copyright (c) 2017 Brady Miller <brady.g.miller@gmail.com>
+ * @copyright Copyright (c) 2017-2018 Brady Miller <brady.g.miller@gmail.com>
  * @license   https://github.com/openemr/openemr/blob/master/LICENSE GNU General Public License 3
  */
 
+
 require_once("../globals.php");
 require_once("$srcdir/patient.inc");
 require_once("$srcdir/pnotes.inc");
@@ -22,13 +23,17 @@ if ($_GET['file']) {
     $mode = 'fax';
     $filename = $_GET['file'];
 
-  // ensure the file variable has no illegal characters
+    // ensure the file variable has no illegal characters
     check_file_dir_name($filename);
 
     $filepath = $GLOBALS['hylafax_basedir'] . '/recvq/' . $filename;
 } else if ($_GET['scan']) {
     $mode = 'scan';
     $filename = $_GET['scan'];
+
+    // ensure the file variable has no illegal characters
+    check_file_dir_name($filename);
+
     $filepath = $GLOBALS['scanner_output_directory'] . '/' . $filename;
 } else {
     die("No filename was given.");
diff --git a/interface/forms/CAMOS/view.php b/interface/forms/CAMOS/view.php
index 50c735df0..d7e55e2e7 100755
--- a/interface/forms/CAMOS/view.php
+++ b/interface/forms/CAMOS/view.php
@@ -1,30 +1,32 @@
 <?php
 /**
- * Generated DocBlock
+ * CAMOS view.php
  *
- * @package OpenEMR
- * @link    http://www.open-emr.org
- * @author  markleeds <markleeds>
- * @author  fndtn357 <fndtn357@gmail.com>
- * @author  cornfeed <jdough823@gmail.com>
- * @author  cfapress <cfapress>
- * @author  Wakie87 <scott@npclinics.com.au>
- * @author  Robert Down <robertdown@live.com>
- * @author  Brady Miller <brady.g.miller@gmail.com>
+ * @package   OpenEMR
+ * @link      http://www.open-emr.org
+ * @author    markleeds <markleeds>
+ * @author    fndtn357 <fndtn357@gmail.com>
+ * @author    cornfeed <jdough823@gmail.com>
+ * @author    cfapress <cfapress>
+ * @author    Wakie87 <scott@npclinics.com.au>
+ * @author    Robert Down <robertdown@live.com>
+ * @author    Brady Miller <brady.g.miller@gmail.com>
+ * @copyright Copyright (c) 2008 cfapress <cfapress>
  * @copyright Copyright (c) 2009 markleeds <markleeds>
- * @copyright Copyright (c) 2012 fndtn357 <fndtn357@gmail.com>
  * @copyright Copyright (c) 2011 cornfeed <jdough823@gmail.com>
- * @copyright Copyright (c) 2008 cfapress <cfapress>
+ * @copyright Copyright (c) 2012 fndtn357 <fndtn357@gmail.com>
  * @copyright Copyright (c) 2016 Wakie87 <scott@npclinics.com.au>
+ * @copyright Copyright (c) 2016-2018 Brady Miller <brady.g.miller@gmail.com>
  * @copyright Copyright (c) 2017 Robert Down <robertdown@live.com>
- * @copyright Copyright (c) 2016 Brady Miller <brady.g.miller@gmail.com>
- * @license https://github.com/openemr/openemr/blob/master/LICENSE GNU General Public License 3
+ * @license   https://github.com/openemr/openemr/blob/master/LICENSE GNU General Public License 3
  */
+
+
 ?>
 <!-- view.php -->
 <?php
-include_once("../../globals.php");
-include_once("../../../library/api.inc");
+require_once("../../globals.php");
+require_once("../../../library/api.inc");
 formHeader("Form: CAMOS");
 $textarea_rows = 22;
 $textarea_cols = 90;
@@ -71,7 +73,7 @@ function show_edit(t) {
 <link rel="stylesheet" href="<?php echo $css_header;?>" type="text/css">
 </head>
 <body class="body_top">
-<form method=post action="<?php echo $rootdir?>/forms/CAMOS/save.php?mode=delete&id=<?php echo $_GET["id"];?>" name="my_form">
+<form method=post action="<?php echo $rootdir?>/forms/CAMOS/save.php?mode=delete&id=<?php echo attr($_GET["id"]); ?>" name="my_form">
 <h1> <?php xl('CAMOS', 'e'); ?> </h1>
 <input type="submit" name="delete" value="<?php xl('Delete Selected Items', 'e'); ?>" />
 <input type="submit" name="update" value="<?php xl('Update Selected Items', 'e'); ?>" />
diff --git a/interface/forms/reviewofs/view.php b/interface/forms/reviewofs/view.php
index 9ca68de17..3e1d05e00 100644
--- a/interface/forms/reviewofs/view.php
+++ b/interface/forms/reviewofs/view.php
@@ -8,7 +8,7 @@
  * @author    Brady Miller <brady.g.miller@gmail.com>
  * @author    Robert Down <robertdown@live.com>
  * @copyright Copyright (c) 2008 cfapress <cfapress>
- * @copyright Copyright (c) 2016-2017 Brady Miller <brady.g.miller@gmail.com>
+ * @copyright Copyright (c) 2016-2018 Brady Miller <brady.g.miller@gmail.com>
  * @copyright Copyright (c) 2017 Robert Down <robertdown@live.com>
  * @license   https://github.com/openemr/openemr/blob/master/LICENSE GNU General Public License 3
  */
@@ -40,7 +40,7 @@ $obj = formFetch("form_reviewofs", $_GET["id"]);
             </div>
         </div>
         <div class="row">
-            <form method=post action="<?php echo $rootdir; ?>/forms/reviewofs/save.php?mode=update&id=<?php echo $_GET["id"]; ?>" name="my_form" onsubmit="return top.restoreSession()">
+            <form method=post action="<?php echo $rootdir; ?>/forms/reviewofs/save.php?mode=update&id=<?php echo attr($_GET["id"]); ?>" name="my_form" onsubmit="return top.restoreSession()">
                 <fieldset>
                     <legend><?php echo xlt('General')?></legend>
                     <div class="row">
diff --git a/interface/main/finder/finder_navigation.php b/interface/main/finder/finder_navigation.php
index 18fe37042..a1c4c1ed1 100644
--- a/interface/main/finder/finder_navigation.php
+++ b/interface/main/finder/finder_navigation.php
@@ -1,5 +1,16 @@
 <?php
-include_once("../../globals.php");
+/**
+ * finder_navigation.php
+ *
+ * @package   OpenEMR
+ * @link      http://www.open-emr.org
+ * @author    Brady Miller <brady.g.miller@gmail.com>
+ * @copyright Copyright (c) 2018 Brady Miller <brady.g.miller@gmail.com>
+ * @license   https://github.com/openemr/openemr/blob/master/LICENSE GNU General Public License 3
+ */
+
+
+require_once("../../globals.php");
 ?>
 
 <html>
@@ -19,7 +30,7 @@ include_once("../../globals.php");
 <tr>
 
 <td style="text-align:left; width: 250px; white-space: nowrap;">
-<input type="textbox" size="10" name="patient" value="<?php echo $_REQUEST['patient']; ?>" >
+<input type="textbox" size="10" name="patient" value="<?php echo attr($_REQUEST['patient']); ?>" >
 <select name="findBy">
 <option value="Last" <?php if ($_REQUEST['findBy'] == 'Last') {
     echo 'selected';
diff --git a/interface/orders/types.php b/interface/orders/types.php
index 0641d0a59..dc309fbb6 100644
--- a/interface/orders/types.php
+++ b/interface/orders/types.php
@@ -1,13 +1,17 @@
 <?php
 /**
- * Copyright (C) 2010-2012 Rod Roark <rod@sunsetsystems.com>
+ * types.php
  *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License
- * as published by the Free Software Foundation; either version 2
- * of the License, or (at your option) any later version.
+ * @package   OpenEMR
+ * @link      http://www.open-emr.org
+ * @author    Rod Roark <rod@sunsetsystems.com>
+ * @author    Brady Miller <brady.g.miller@gmail.com>
+ * @copyright Copyright (c) 2010-2012 Rod Roark <rod@sunsetsystems.com>
+ * @copyright Copyright (c) 2018 Brady Miller <brady.g.miller@gmail.com>
+ * @license   https://github.com/openemr/openemr/blob/master/LICENSE GNU General Public License 3
  */
 
+
 require_once("../globals.php");
 require_once("$srcdir/acl.inc");
 
@@ -248,11 +252,11 @@ function recolor() {
 <form method='post' name='theform' action='types.php?popup=<?php echo $popup ?>&order=<?php
 echo $order;
 if (isset($_GET['formid' ])) {
-    echo '&formid='  . $_GET['formid'];
+    echo '&formid='  . attr($_GET['formid']);
 }
 
 if (isset($_GET['formseq'])) {
-    echo '&formseq=' . $_GET['formseq'];
+    echo '&formseq=' . attr($_GET['formseq']);
 }
 ?>'>
 
diff --git a/interface/patient_file/letter.php b/interface/patient_file/letter.php
index d4852ede7..40aa0539c 100644
--- a/interface/patient_file/letter.php
+++ b/interface/patient_file/letter.php
@@ -1,16 +1,22 @@
 <?php
-// Copyright (C) 2007-2011 Rod Roark <rod@sunsetsystems.com>
-//
-// This program is free software; you can redistribute it and/or
-// modify it under the terms of the GNU General Public License
-// as published by the Free Software Foundation; either version 2
-// of the License, or (at your option) any later version.
+/**
+ * letter.php
+ *
+ * @package   OpenEMR
+ * @link      http://www.open-emr.org
+ * @author    Rod Roark <rod@sunsetsystems.com>
+ * @author    Brady Miller <brady.g.miller@gmail.com>
+ * @copyright Copyright (c) 2007-2011 Rod Roark <rod@sunsetsystems.com>
+ * @copyright Copyright (c) 2018 Brady Miller <brady.g.miller@gmail.com>
+ * @license   https://github.com/openemr/openemr/blob/master/LICENSE GNU General Public License 3
+ */
+
+
+require_once("../globals.php");
+require_once($GLOBALS['srcdir'] . "/patient.inc");
 
 use OpenEMR\Core\Header;
 
-include_once("../globals.php");
-include_once($GLOBALS['srcdir'] . "/patient.inc");
-
 $template_dir = $GLOBALS['OE_SITE_DIR'] . "/letter_templates";
 
 // array of field name tags to allow internationalization
@@ -199,7 +205,12 @@ if ($_POST['formaction']=="generate") {
 } else if (isset($_GET['template']) && $_GET['template'] != "") {
     // utilized to go back to autosaved template
     $bodytext = "";
-    $fh = fopen("$template_dir/".$_GET['template'], 'r');
+    $fh = fopen("$template_dir/" . convert_safe_file_dir_name($_GET['template']), 'r');
+
+    if (!$fh) {
+        die(xlt("Requested template does not exist"));
+    }
+
     while (!feof($fh)) {
         $bodytext.= fread($fh, 8192);
     }
@@ -211,7 +222,12 @@ if ($_POST['formaction']=="generate") {
     }
 } else if ($_POST['formaction'] == "loadtemplate" && $_POST['form_template'] != "") {
     $bodytext = "";
-    $fh = fopen("$template_dir/".$_POST['form_template'], 'r');
+    $fh = fopen("$template_dir/" . convert_safe_file_dir_name($_POST['form_template']), 'r');
+
+    if (!$fh) {
+        die(xlt("Requested template does not exist"));
+    }
+
     while (!feof($fh)) {
         $bodytext.= fread($fh, 8192);
     }
@@ -223,7 +239,7 @@ if ($_POST['formaction']=="generate") {
     }
 } else if ($_POST['formaction'] == "newtemplate" && $_POST['newtemplatename'] != "") {
     // attempt to save the template
-    $fh = fopen("$template_dir/".$_POST['newtemplatename'], 'w');
+    $fh = fopen("$template_dir/" . convert_safe_file_dir_name($_POST['newtemplatename']), 'w');
     // translate from definition to the constant
     $temp_bodytext = $_POST['form_body'];
     foreach ($FIELD_TAG as $key => $value) {
@@ -231,7 +247,7 @@ if ($_POST['formaction']=="generate") {
     }
 
     if (! fwrite($fh, $temp_bodytext)) {
-        echo xlt('Error while writing to file') . ' ' . $template_dir."/".$_POST['newtemplatename'];
+        echo xlt('Error while writing to file') . ' ' . $template_dir."/" . $_POST['newtemplatename'];
         die;
     }
 
@@ -239,7 +255,12 @@ if ($_POST['formaction']=="generate") {
 
     // read the saved file back
     $_POST['form_template'] = $_POST['newtemplatename'];
-    $fh = fopen("$template_dir/".$_POST['form_template'], 'r');
+    $fh = fopen("$template_dir/" . convert_safe_file_dir_name($_POST['form_template']), 'r');
+
+    if (!$fh) {
+        die(xlt("Requested template does not exist"));
+    }
+
     while (!feof($fh)) {
         $bodytext.= fread($fh, 8192);
     }
@@ -251,7 +272,7 @@ if ($_POST['formaction']=="generate") {
     }
 } else if ($_POST['formaction'] == "savetemplate" && $_POST['form_template'] != "") {
     // attempt to save the template
-    $fh = fopen("$template_dir/".$_POST['form_template'], 'w');
+    $fh = fopen("$template_dir/" . convert_safe_file_dir_name($_POST['form_template']), 'w');
     // translate from definition to the constant
     $temp_bodytext = $_POST['form_body'];
     foreach ($FIELD_TAG as $key => $value) {
@@ -266,7 +287,12 @@ if ($_POST['formaction']=="generate") {
     fclose($fh);
 
     // read the saved file back
-    $fh = fopen("$template_dir/".$_POST['form_template'], 'r');
+    $fh = fopen("$template_dir/" . convert_safe_file_dir_name($_POST['form_template']), 'r');
+
+    if (!$fh) {
+        die(xlt("Requested template does not exist"));
+    }
+
     while (!feof($fh)) {
         $bodytext.= fread($fh, 8192);
     }
diff --git a/interface/patient_file/transaction/add_transaction.php b/interface/patient_file/transaction/add_transaction.php
index c6b39b30b..7fe5ca19a 100644
--- a/interface/patient_file/transaction/add_transaction.php
+++ b/interface/patient_file/transaction/add_transaction.php
@@ -7,7 +7,7 @@
  * @link      http://www.open-emr.org
  * @author    Rod Roark <rod@sunsetsystems.com>
  * @author    Brady Miller <brady.g.miller@gmail.com>
- * @copyright Copyright (c) 2017 Brady Miller <brady.g.miller@gmail.com>
+ * @copyright Copyright (c) 2017-2018 Brady Miller <brady.g.miller@gmail.com>
  * @license   https://github.com/openemr/openemr/blob/master/LICENSE GNU General Public License 3
  */
 
@@ -24,7 +24,7 @@ $title   = empty($_REQUEST['title']) ? 'LBTref' : $_REQUEST['title'];
 $form_id = $title;
 
 // Plugin support.
-$fname = $GLOBALS['OE_SITE_DIR'] . "/LBF/$form_id.plugin.php";
+$fname = $GLOBALS['OE_SITE_DIR'] . "/LBF/" . convert_safe_file_dir_name($form_id) . ".plugin.php";
 if (file_exists($fname)) {
     include_once($fname);
 }
diff --git a/library/custom_template/personalize.php b/library/custom_template/personalize.php
index 6edb95c83..ecdf83772 100644
--- a/library/custom_template/personalize.php
+++ b/library/custom_template/personalize.php
@@ -1,29 +1,16 @@
 <?php
-// +-----------------------------------------------------------------------------+
-// Copyright (C) 2011 Z&H Consultancy Services Private Limited <sam@zhservices.com>
-//
-//
-// This program is free software; you can redistribute it and/or
-// modify it under the terms of the GNU General Public License
-// as published by the Free Software Foundation; either version 2
-// of the License, or (at your option) any later version.
-//
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-//
-// A copy of the GNU General Public License is included along with this program:
-// openemr/interface/login/GnuGPL.html
-// For more information write to the Free Software
-// Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
-//
-// Author:   Eldho Chacko <eldho@zhservices.com>
-//           Jacob T Paul <jacob@zhservices.com>
-//
-// +------------------------------------------------------------------------------+
+/**
+ * personalize.php
+ *
+ * @package   OpenEMR
+ * @link      http://www.open-emr.org
+ * @author    Eldho Chacko <eldho@zhservices.com>
+ * @author    Jacob T Paul <jacob@zhservices.com>
+ * @author    Brady Miller <brady.g.miller@gmail.com>
+ * @copyright Copyright (c) 2011 Z&H Consultancy Services Private Limited <sam@zhservices.com>
+ * @copyright Copyright (c) 2018 Brady Miller <brady.g.miller@gmail.com>
+ * @license   https://github.com/openemr/openemr/blob/master/LICENSE GNU General Public License 3
+ */
 
 
 require_once("../../interface/globals.php");
@@ -353,7 +340,7 @@ if (isset($_REQUEST['submitform']) && $_REQUEST['submitform'] == 'save') {
                 <?php
                 if (acl_check('nationnotes', 'nn_configure')) {
                     ?>
-                    <a href="add_template.php?list_id=<?php echo $_REQUEST['list_id']; ?>"
+                    <a href="add_template.php?list_id=<?php echo attr($_REQUEST['list_id']); ?>"
                        onclick="top.restoreSession();" class="iframe_small css_button"
                        title="<?php echo htmlspecialchars(xl('Add Category'), ENT_QUOTES); ?>"><span><?php echo htmlspecialchars(xl('Add Category'), ENT_QUOTES); ?></span></a>
                     <?php
diff --git a/library/sanitize.inc.php b/library/sanitize.inc.php
index 1c051f1e1..79b4f58bd 100644
--- a/library/sanitize.inc.php
+++ b/library/sanitize.inc.php
@@ -3,13 +3,13 @@
 * Function to check and/or sanitize things for security such as
 * directories names, file names, etc.
  *
- * @package OpenEMR
- * @link    http://www.open-emr.org
- * @author  Brady Miller <brady.g.miller@gmail.com>
- * @author  Roberto Vasquez <robertogagliotta@gmail.com>
- * @author  Shachar Zilbershlag <shaharzi@matrix.co.il>
- * @copyright Copyright (c) 2012-2017 Brady Miller <brady.g.miller@gmail.com>
- * @license https://github.com/openemr/openemr/blob/master/LICENSE GNU General Public License 3
+ * @package   OpenEMR
+ * @link      http://www.open-emr.org
+ * @author    Brady Miller <brady.g.miller@gmail.com>
+ * @author    Roberto Vasquez <robertogagliotta@gmail.com>
+ * @author    Shachar Zilbershlag <shaharzi@matrix.co.il>
+ * @copyright Copyright (c) 2012-2018 Brady Miller <brady.g.miller@gmail.com>
+ * @license   https://github.com/openemr/openemr/blob/master/LICENSE GNU General Public License 3
  */
 
 
@@ -28,7 +28,7 @@ function convert_safe_file_dir_name($label)
     return preg_replace('/[^A-Za-z0-9_.-]/', '_', $label);
 }
 
-//Basename functionality for nonenglish languages (without this, basename function ommits nonenglish characters).
+//Basename functionality for nonenglish languages (without this, basename function omits nonenglish characters).
 function basename_international($path)
 {
     $parts = preg_split('~[\\\\/]~', $path);
-- 
2.11.4.GIT